There is a better utility available for folks. Ncat - part of famous the Nmap (5) project. It has more features than netcat that people might find useful - like SCTP, SOCKS, etc..

You can find out more about it: http://nmap.org/ncat/

There's a better utility available than ncat. It's called socat. It has more features than ncat that people might find useful.

http://www.dest-unreach.org/socat/doc/socat.html#EXAMPLES

Dropped into the comments to mention socat. I use it regularly to debug serial and multicast issues or to lash up network logging for random shell scripts. It's a very valuable addition to the toolbox IMO.

Edit: somehow my phone managed to post this comment three times. I've deleted the others

I really like socat, and use it pretty regularly for interfacing with unix sockets. Ncat, and socat have a divergent featureset though. Some combination of the two yields good results.

Ncat is also more compassionate regarding command line parameters.

Depending on the nc app you have installed on your machine, params will have to be passed using different flags or in differing orders (someone should post why there are different kinds of netcat, I forget). Ncat accepts either format, and sends you cards on your birthday.

I second that Nmap recommendation.

Also, fping is an excellent ping sweeper if that's all you need (and it's now being updated again).

http://fping.org/

You should also know about the so-called "netcat mode" in OpenSSH:

   -W host:port
       Requests that standard input and output on the client be
       forwarded to host on port over the secure channel.  Implies -N,
       -T, ExitOnForwardFailure and ClearAllForwardings.  Works with
       Protocol version 2 only.

I only discovered this recently - I was using a literal "nc %h %p" rather than this shortcut.

Also worth noting this is also extremely useful when used in your ~/.ssh/config file.

Can you give an example of how you'd use it in your config?

Sure. I have something like:

  Host <bastion>
    Hostname <bastion>
    User gateway
    ForwardAgent yes

  Host 10.0.*
    User <username>
    ProxyCommand ssh -W %h:%p <bastion>

Where bastion is the NAT/Bastion SSH host for my infrastructure. 10.0.* are internal IP addresses, which don't work on my network, but get passed through to the bastion (where they do work). Pretty handy as I can just "ssh <internal address>"

Thanks!

Also check out socat: It's like netcat, but bidirectional. http://www.dest-unreach.org/socat/doc/socat.html#EXAMPLES

More than just bidirectional: It supports a lot of other socket types, and other shenanigans. I use socat a lot for testing network services, gluing together applications, and lots of other places where writing a little C program would otherwise be needed.

All of these tools were not necessary if Networking were file based, like the /net FS in Plan9.

It is the first major occasion where Unix went in a completely wrong direction. The second one was the X server.

Make a fuse filesystem for networking then...

Stupid LAN trick: you can combine nc with pbcopy/pbpaste for distributed copy/paste on macs.

I do something similar with local port forwarding in ssh - I can also use this to open files on remote servers in local gui editors, and to send things to notification centre - useful if you leave a long running task in the background.

That sounds like a useful LAN trick, not a stupid one. I can't think of a situation recently where I've needed it but I'm sure it'll crop up some point.

Netcat is indeed very versatile and useful but most of the time it's used improperly when used as a server (-l mode). Unless you're doing basic network diagnostics (ex: testing if firewall ports are open) you're better off using openssl (s_server mode) or more likely good ol' SSH port forwarding.

I don't really feel like there's that many people misusing netcat out there. It's mostly useful to me as a server for hand testing client software against a known (and human-talkable) server protocol.

Is there some rash of people opening up public listening ports using netcat to... run a service of some sort? Most of the time when I need an arbitrary connection between unix machines ssh in command (not even port forward) mode is more than enough.

There are so many different variants of netcat:

nc, netcat, ncat, socat... I can never be sure of which syntax I'm going to get on an unfamiliar server.

nc, ncat, and netcat are all the "same". Any of them could be any of:

  * the original netcat (http://nc110.sourceforge.net/)
  * OpenBSD netcat
  * "GNU netcat" (not affiliated with GNU)
  * BusyBox netcat
  * Nmap ncat (well, this one is typically always "ncat")

They all take roughly the same, but different, syntax, like 'cp', 'ls', or any of the *nix utilities with multiple implementations.

On a related note it's always annoyed me when people use "telnet" when they mean "make a TCP connection" as in "can you telnet to the port?"

When providing support, you have to be very precise when you ask someone to perform a check. The sentence "can you telnet to the port" is unambiguous. The sentence "can you make a TCP connection" leaves the choice of the tool unspecified. Depending of their background, some people may use ping (subject to different firewall rules), or a browser (subject to proxy configuration).

Ping doesn't make TCP connections!

I know, but for many people, pinging the remote host is their single idea for network issue analyse.

When I'm testing a mail server I'll sometimes use telnet to connect (eg to port 110), or openssl for testing secured connections. What should I be using; or is it just the nomenclature you're bothered about?

One thing I like about the original and the gnu netcat is the z option: `nc -z host port; echo $?` for quick testing.

I'm under the impression that socat is the most versatile, but probably involves more typing for similar commands.

Be aware that GNU netcat and BSD netcat are incompatible. Many a time have I attempted to cat a file from a Mac to a PC running Linux, only to have found that Nothing Happens (tm). I just recently realized that installing BSD netcat on Linux solves the problem. Not sure what the actual incompatibility is, just a heads up.

For my own purposes[1], I wrote these wrappers that abstract the differences between the two versions of nc that I had to deal with away:

https://github.com/pflanze/chj-bin/blob/master/netcat-get https://github.com/pflanze/chj-bin/blob/master/netcat-push https://github.com/pflanze/chj-bin/blob/master/netcat-receiv... https://github.com/pflanze/chj-bin/blob/master/netcat-serve-...

(They use 'have' from here: https://github.com/pflanze/chj-bin/blob/master/have )

[1] for example my way to transfer files between servers: https://github.com/pflanze/chj-bin/blob/master/netoffer (which depends on netfetch from the same place)

If I remember correctly one of them requires you to specify the port with -p separately, and the other gets it from -l. So it's nc -l 1234 on one, and nc -l -p 1234 on the other.

I just confirmed this is not the case. Could you share what you were doing?

Seems like bartbes pointed out the problem. I suppose not specifying the port correctly makes it use some default port or something like that.

Some more examples at wikipedia

http://en.wikipedia.org/wiki/Netcat#Examples

BSD's nc doesn't have the (arguably unsafe) -e option.